Quantcast
Channel: CodeSection,代码区,网络安全 - CodeSec
Viewing all articles
Browse latest Browse all 12749

SQL Server Reporting Services Column Level Security

0
0

By:Rahul Mehta || Related Tips: > Reporting Services Security

Problem

In general, reports provide singular and comparative analysis and can be formatted as statistical, tabular or graphical. At times, confidential data should only be available to certain users. With SQL Server Reporting Services , how can we implement column level security in order to restrict a user's to view certain data.

Solution

SQL Server Reporting Services includes a feature called Column Visibility which can be used to implement column level security. In this tip will we demonstrate column level security with the following steps:

First Step: Create a table to manage column level access to sensitive data on a per login basis. Second Step: Create a stored procedure to return the login column security information. Third Step: Build an SSRS report with a parameter in to read the login column security information from the stored procedure created in step 2. Fourth Step: Implement the Column Visibility feature to use the SSRS parameter to show or hide columns.

NOTE - This tip assumes you are proficient at building SQL Server Reporting Services Reports. If you are new to the technology, check out this tutorial .

Step 0 - Setup a Sample Data Set

I have created a sample table called Employee with an identifier, name, age and salary.


SQL Server Reporting Services Column Level Security

I have also created a sample report of the Employee table to show all columns from the table:


SQL Server Reporting Services Column Level Security
Step 1 - Sensitive Data Management

Create a second table called "FieldRules" which has three fields: UserName(nvarchar), FieldName(nvarchar) and IsVisible(bit). Once created, add a sample record. In this case, I have added a sample user with field name (i.e. Salary) to show/hide the visibility (i.e. set to false) as shown below.


SQL Server Reporting Services Column Level Security
Step 2 - Stored Procedure to Return Data Access

Create a stored procedure ShowColumnInfo to return the data access for the sensitive information for a specific UserID based on an input parameter:

CREATE PROCEDURE [dbo].[ShowColumnnInfo] @UserID nvarchar(100)
AS
SELECT *
FROM FieldRules
WHERE UserName = @UserID
GO Step 3 - Build the SQL Server Reporting Services Report

To start building the report, create a DataSource (i.e. DataSource1 in this example) in the SSRS report to access the database. Next, create a dataset called ShowFieldDataSet which will access the data from the FieldRules table using the dbo.ShowColumnInfo stored procedure as shown below.


SQL Server Reporting Services Column Level Security
SQL Server Reporting Services Column Level Security

Also we have to create two parameters: UserID (to be passed as a parameter to stored procedure "ShowFieldDataset") which is shown above and FieldsToShow (which will pull IsVisible values from "ShowFieldDataSet") which is shown below.


SQL Server Reporting Services Column Level Security
SQL Server Reporting Services Column Level Security
Step 4 - Configure SQL Server Reporting Services Column Visibility

The last step is to configure the Salary column to show/hide depending upon the value from the FieldsToShow parameter. Select the column in the SSRS report, right-click and select "Column Visibility". Configure the expression as shown in the figure below.


SQL Server Reporting Services Column Level Security
SQL Server Reporting Services Column Level Security
Final SSRS Report Demonstration

Now enter the login name (i.e. User ID), and it will show/hide the "Salary" column. In this case, we have configure the logic to not to show the "Salary" column for the user "Rahul" .


SQL Server Reporting Services Column Level Security
Next Steps

Last Update:


Viewing all articles
Browse latest Browse all 12749